Yes, DevSecOps is a buzzword, but it’s an important one! Security has an important part to play in application lifecycles and workflows. Learn how you can best integrate security into your existing pipelines.
Containers are increasingly becoming the standard unit of software. The container image, technically defined in the OCI image specification, is a key component of modern tooling, from Docker to Kubernetes to platforms like AWS Fargate and Google Cloud Run. What does this mean for application security? Where we use container images: One of the interesting […]
In February of this year, Snyk launched a new educational, vendor-neutral, and security-focused community, The Secure Developer. Snyk wants to help developers adopt a security mindset throughout their development process and The Secure Developer community is the place where you can do just that; a place to learn security best practices from experts in an […]
In this cheat sheet edition, we’re going to focus on ten Java security best practices for both open source maintainers and developers. This cheat sheet is a collaboration between Brian Vermeer, Developer Advocate for Snyk and Jim Manico, Java Champion and founder of Manicode Security. We recommend you print out the cheat sheet and also […]
Developers primarily work from their favorite IDE (integrated development environment). For that reason, good IDE extensions and plugins are becoming more and more important. For this blog, I examined Eclipse IDE plugins and then narrowed it down to the top 10 most helpful plugins that I have added to my own toolkit. You can download […]
We are thrilled to announce that Snyk has acquired DevSecCon, the world’s premier conference dedicated to DevSecOps – getting developers and security working well together! Together, Snyk and the DevSecCon team, led by Francois Raynaud, will partner to maintain a vendor-neutral home dedicated to growing and strengthening the DevSecOps community with additional support and resources, including 9 global conferences in the remainder of 2019 and 2020.
Snyk has partnered with O’Reilly to offer a new book
If you’re building a serverless application, chances are that your functions need to access secrets or other types of sensitive information that you’re storing, such as API keys, tokens, or passwords. However, managing these secrets properly may sometimes prove to be a difficult task. When users fail to adopt a key management service, these secrets, […]
In this cheat sheet we’ll cover how you can be more secure as an Azure Repos user or contributor. Some of it is specific to Azure Repos, but a lot of it is also useful for other Git and non-Git repositories. So let’s get started with our list of […]
Having team-wide rules that prevent credentials from being stored as code is a great way to police bad actions in the existing developer workflow. There are internal tools like Azure Key Vault
If you find sensitive data in your Azure Repos repository, you need to do a number of things to recover. First of all, you'll need to invalidate the tokens and passwords that were once public. Once a secret is public on the internet, you should assume it's in the hands of attackers and react accordingly.
The following is a best practice guideline from our series of 8 Azure Repos security best practices. 3. Tightly control access to your Azure Repos: Here in the UK, when it gets really, really hot (read: mildly warm) us Brits tend to open all the windows in the house to make […]